Cloud or Closet: What’s Best for Internet Security?

Ready-mix producers are weighing the risks of keeping their data in-house

by Craig Yeack

Economies of scale hit the U.S. concrete industry in the mid-1980s and started a long-term rollup. Single plants were bought by local producers, locals rolled up to regionals, and regionals were bought by powerful national or global corporations. It’s happening again, but this time our industry is shifting from hosting software and data on-premise to cloud-based computing (aka remote servers hosted in third-party locations). Many producers are asking, “What about security?”

To be sure, many small ready-mix producers still thrive. Equally sure, there will always be a place for some software systems to be maintained on-premise. However, economics of scale, or better put, “economies of security” are as inescapable as gravity. Every company must seriously consider its ability to face cyber security threats. Following are common examples.

We’ve got Norton Antivirus; isn’t that enough? Antivirus and firewall software is good, but forms only a small part of the security tools needed for a commercial enterprise. The most important part of security fabric is having competent, well-trained staff to architect and administer the tools. After the foundational workplace transformation due to Covid-19, security experts are in excruciatingly short supply and expensive. If you have them, keep them happy!

Service denied. Denial-of-service attacks make a machine or network unavailable by overwhelming it with requests. The bonafide users are locked out. Just imagine an attack shutting down dispatch at 7:00 a.m. on a Tuesday morning! This is one of the more preventable cyber maladies, but detection and quick action must be built into your security protocols.

An iota of prevention goes a long way. The Internet of Things (IoT) connects lots of small devices to a common network. Problem is, these devices rarely have built-in security and they provide a juicy gateway into the network for hackers to steal data, shut down devices or worse. The problem is that we need IoT to run a modern business. Every “small” thing that needs to be monitored and controlled is moving to IoT. Vending machines, thermostats, security cameras and gates; you name it, IoT is there.

Even a fish wouldn’t get caught if it kept its mouth shut. Phishing uses email to carefully target specific folks in your company with irresistible bait of “messages” and links from others they trust. With just one click, in comes the malware and out goes the sensitive data. Combined with new methods for artificial intelligence, phishing is now the top corporate entry point for things like ransomware.

It’s Not Personal, Sonny. It’s Strictly Business. Ransomware would make Michael Corleone proud. Many producers that you would know by name have been crippled by remote hackers demanding Bitcoins for the release of their business. They had to pay. This is a game of high-tech cat and mouse; as we get better defenses, they make better tools.

There is no such thing as a former KGB man. This quote from Vladimir Putin is hauntingly true today as we are besieged with state-sponsored cybercrime. Ready-mix producers are as likely targets as any other industry. We are in the critical infrastructure business, building roads, bridges, power plants, airports, weapons storage and even nuclear facilities.

BETTER SECURE THAN SORRY
What then must we do to protect ourselves? The first thing is to make sure as much of our core computing as possible resides in a place with top shelf security. Cloud providers such as Amazon Web Services (AWS), IBM, Google and others provide world-class security tools and services.

Consider AWS, as an example. All customers benefit from AWS having its service offerings and associated supply chain vetted and accepted as secure enough for top-secret workloads. This combined with more than 25,000 employees—many of whom are dedicated to security—creates a win-win situation. IBM and Google have similar accolades.

The cloud can virtually eliminate some issues, like denial-of-service, and greatly reduce other risks like phishing, which can lead to ransomware. Segregate your networks to put IoT on an island. And bear in mind that even some cloud-based solutions can be poorly architected for security. Invest the time and expense in a simple audit before committing to a software provider.

Understand that, while your infrastructure will never be 100 percent risk-proof, in practice you do not need to be. You only need to be harder to breach than others. Hackers are driven by economic incentive and time is money. If you are hard to break, they will move onto another target.

So, cloud or closet? While it’s true you might need some small applications on-premise, you should move everything practical to the cloud and take advantage of world-class tools. Even old, on-premise software can often be moved to the cloud and benefit from security, even if there is little or no economic savings. Cloud providers will give you access to the very best professional services to help your internal staff create and guide your overall architecture. Let the hackers target the slower, less protected business. The economies of security are here.


Craig Yeack has held leadership positions with both construction materials producers and software providers. He is co-founder of BCMI Corp. (the Bulk Construction Materials Initiative), which is dedicated to reinventing the construction materials business with modern mobile and cloud-based tools. His Tech Talk column—named best column by the Construction Media Alliance in 2018—focuses on concise, actionable ideas to improve financial performance for ready-mix producers. He can be reached at [email protected].